Should AWS certify under ISO27018?

AWS does not access, disclose or use customer content, including personal content, stored or processed in the AWS cloud. The customer is in control of that. This might explain why the AWS terms exclude liability for data loss.

But Amazon’s WorkMail and WorkDocs suites change that. Amazon have ISO certifications already and they want to be seen as active in this space in helping to protect data, so presumably the next stop is the new ISO27018 code of practice for the “protection of personally identifiable information (PII) in public clouds acting as PII processors”. Microsoft has it already.

What do you think? Go visit the full article with views from me and others: AWS urged to follow Azure on cloud data privacy.

UPDATE: AWS now has this data protection page on its website which states “The Article 29 Working Party has approved the AWS Data Processing Agreement which includes the Model Clauses.” Progress.

Image courtesy of Stuart Milesat at


  1. Great article, Frank, and I think their customers would expect this; whether they do it is another matter altogether… To be fair to Microsoft, they’re making some huge strides forward across that company and are making some pretty radical changes which we would not have seen in Microsoft 5-10 years ago. Personally I applaud them for the certification, as I did when they released guidance for the configuration of SharePoint to comply with 21 CFR Part 11 compliance.

    Here’s hoping Microsoft continue and others follow suit.
